<?php
	require '../include/library.inc.php';
	
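	# Login handler for the administration area: validates the posted e-mail and
	# password, looks the admin up in the `admins` table and, on a match, fills
	# the session and redirects to index.php. redirect(), escape() and query()
	# come from the included library and are not visible in this file.

	# isset() avoids an undefined-index notice for visitors without session data.
	# NOTE(review): only the value 1 triggers this redirect — confirm that is
	# intended rather than "any logged-in admin".
	if (isset($_SESSION['ADMIN_SID']) && $_SESSION['ADMIN_SID'] == 1) {
		redirect("index.php");
	}

	# Normalise the form fields to strings. A request can send any of them as an
	# array (e.g. email[]=x); such values are treated as missing so they never
	# reach escape() or md5().
	foreach (array('is_submitted', 'email', 'password') as $field) {
		if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
			$_POST[$field] = '';
		}
	}
	if (!isset($error_message)) {
		$error_message = '';
	}

	if ($_POST['is_submitted']) {
		$error_message = '';

		# The escaped values are written back into $_POST; the form below reads
		# them from there when it is shown again.
		if (!$_POST['email']) {
			$error_message .= 'E-mail is required<br/>';
		} else {
			$_POST['email'] = escape($_POST['email']);
		}
		if (!$_POST['password']) {
			$error_message .= 'Password is required<br/>';
		} else {
			$_POST['password'] = escape($_POST['password']);
		}

		if (!$error_message) {
			# NOTE(review): the statement is assembled by string concatenation and
			# relies entirely on escape(); a parameterised query would need a
			# different database helper than query().
			# NOTE(review): the e-mail passes through escape() twice (above and
			# here) and the password is escaped before hashing. Both are kept
			# as-is because the stored rows may depend on it — verify against
			# the code that creates admins.
			# NOTE(review): unsalted MD5 is not a password hash. Moving to
			# password_hash()/password_verify() requires migrating the stored
			# hash_password values, which cannot be done from this file.
			$sql = "SELECT
						admin_id,
						full_name
					   FROM
						 admins
					   WHERE
						 email = \"".escape($_POST['email'])."\"
					   AND
						 hash_password = \"".md5($_POST['password'])."\"
					";

			$result = query($sql);
			# mysql_fetch_object() belongs to the ext/mysql API, removed in PHP 7.
			if ($row = mysql_fetch_object($result)) {

				# Issue a fresh session id at the privilege change so an id that
				# was planted or observed before login is not carried into the
				# authenticated session. Guarded in case no session is active.
				if (session_id() !== '') {
					session_regenerate_id(true);
				}

				$_SESSION['isLoggedIn'] = true;
				$_SESSION['ADMIN_SID'] = $row->admin_id;
				$_SESSION['ADMIN_NAME'] = $row->full_name;

				# Marker used to check that the session is valid.
				# NOTE(review): the "salt" is derived only from the current month
				# name, so this value is computable from admin_id alone and
				# changes at month rollover. It adds no secrecy; treat it as a
				# consistency check, or replace it together with the code that
				# verifies it.
				$salt = substr(md5(date("F")), 8);
				$_SESSION['LOGGEDIN'] = md5($row->admin_id.$salt);

				redirect("index.php");

			} else {

				# One message for "unknown e-mail" and "wrong password", so the
				# response does not reveal which accounts exist.
				# NOTE(review): no attempt limiting is visible in this file.
				$error_message = 'E-mail and password doesn\'t match!';

			}
		}
	}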
	
?>
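<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<base href="<?=HTML_BASE_ADMIN?>"></base>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administration Login</title>
<link href="css/style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/favicon.ico" />

</head>
<body>
<div id="wrap" class="clearfix">

<div id="wrapin" class="clearfix">
	<div style="width:406px; margin:100px auto 0; text-align:left;">
			
			<h3>Administration Login</h3>
            
			<?php
				# Request-derived values are HTML-encoded before being written into
				# attributes: PHP_SELF includes any path info the client appended to
				# the URL, and the e-mail field echoes posted data.
				$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
				$email_value = (isset($_POST['email']) && is_string($_POST['email']))
					? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8')
					: '';
				# The submitted password is never written back into the page.
				# NOTE(review): the form carries no anti-CSRF token; adding one needs
				# server-side support that is not visible in this file.
			?>
            <form action="<?=$form_action?>" method="post" enctype="multipart/form-data">
            <input type="hidden" name="is_submitted" value="1" />

			<dl class="clearfix" style="border:1px solid #ccc; background:#fff; border-radius:10px;">
			
			<?php
				# Printed as markup on purpose (it contains line-break tags). Every
				# value assigned to it in this file is a constant string.
				# NOTE(review): confirm nothing upstream can place request data in
				# $error_message before this page runs.
				if ($error_message) {
			?>
			<div class="red" style="padding:10px;">
				<?=$error_message?>
			</div><br /><br />
			<?php } ?>
			
            <dt><label for="email" class="required">E-mail</label></dt>
            <dd class="short"><input class="inputbox" id="email" name="email" type="text" value="<?=$email_value?>" ></dd>
			
			<dt><label for="password" class="required">Password</label></dt>
            <dd class="short"><input class="inputbox" id="password" name="password" type="password" value="" ></dd>
			
			<dd class="submit">
            <input type="submit" name="submit" id="submit" value="Login">
            </dd>
			
            </dl>
			</form>
			<div style="color:#999;font-size:11px;">  
        	<?=COPYRIGHT?>
			</div>
            
    </div><!--END: content-->
</div><!--END: wrapin-->
</div><!--END: wrap-->

</body>
</html>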